/ec2-fingerprint-key
Created Nov 1, 2013
Simple Python script that computes both public and private RSA key fingerprints as used by Amazon EC2
| #!/usr/bin/env python | |
| import hashlib | |
| import optparse | |
| import paramiko | |
| from Crypto.PublicKey import RSA | |
| def insert_char_every_n_chars(string, char='\n', every=64): | |
| return char.join( | |
| string[i:i + every] for i in xrange(0, len(string), every)) | |
| def get_rsa_key(key_location=None, key_file_obj=None, passphrase=None, | |
| use_pycrypto=False): | |
| key_fobj = key_file_obj or open(key_location) | |
| try: | |
| if use_pycrypto: | |
| key = RSA.importKey(key_fobj, passphrase=passphrase) | |
| else: | |
| key = paramiko.RSAKey.from_private_key(key_fobj, | |
| password=passphrase) | |
| return key | |
| except (paramiko.SSHException, ValueError): | |
| raise Exception( | |
| "Invalid RSA private key file or missing passphrase: %s" % | |
| key_location) | |
| def get_public_key(key): | |
| return ' '.join([key.get_name(), key.get_base64()]) | |
| def generate_rsa_key(): | |
| return paramiko.RSAKey.generate(2048) | |
| def get_private_rsa_fingerprint(key_location=None, key_file_obj=None, | |
| passphrase=None): | |
| """ | |
| Returns the fingerprint of a private RSA key as a 59-character string (40 | |
| characters separated every 2 characters by a ':'). The fingerprint is | |
| computed using the SHA1 (hex) digest of the DER-encoded (pkcs8) RSA private | |
| key. | |
| """ | |
| k = get_rsa_key(key_location=key_location, key_file_obj=key_file_obj, | |
| passphrase=passphrase, use_pycrypto=True) | |
| sha1digest = hashlib.sha1(k.exportKey('DER', pkcs=8)).hexdigest() | |
| fingerprint = insert_char_every_n_chars(sha1digest, ':', 2) | |
| print '>>> RSA Private Key Fingerprint:\n%s' % fingerprint | |
| return fingerprint | |
| def get_public_rsa_fingerprint(key_location=None, key_file_obj=None, | |
| passphrase=None): | |
| """ | |
| Returns the fingerprint of the public portion of an RSA key as a | |
| 47-character string (32 characters separated every 2 characters by a ':'). | |
| The fingerprint is computed using the MD5 (hex) digest of the DER-encoded | |
| RSA public key. | |
| """ | |
| privkey = get_rsa_key(key_location=key_location, key_file_obj=key_file_obj, | |
| passphrase=passphrase, use_pycrypto=True) | |
| pubkey = privkey.publickey() | |
| md5digest = hashlib.md5(pubkey.exportKey('DER')).hexdigest() | |
| fingerprint = insert_char_every_n_chars(md5digest, ':', 2) | |
| print '>>> RSA Public Key Fingerprint:\n%s' % fingerprint | |
| return fingerprint | |
| def main(): | |
| usage = 'usage: ec2fingerprint [options] <rsakey>' | |
| parser = optparse.OptionParser(usage=usage) | |
| parser.add_option("-p", "--public-only", dest="public_only", | |
| action="store_true", | |
| default=False) | |
| parser.add_option("-P", "--private-only", dest="private_only", | |
| action="store_true", | |
| default=False) | |
| opts, args = parser.parse_args() | |
| if len(args) != 1: | |
| parser.error("please specify a single RSA private key file") | |
| path = args[0] | |
| if opts.public_only: | |
| get_public_rsa_fingerprint(key_location=path) | |
| elif opts.private_only: | |
| get_private_rsa_fingerprint(key_location=path) | |
| else: | |
| get_public_rsa_fingerprint(key_location=path) | |
| get_private_rsa_fingerprint(key_location=path) | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
TakingItCasual commentedJun 1, 2018
•
edited
How to get public RSA fingerprint without using the dead pycrypto? Does anybody have a solution using cryptography or paramiko?